package com.zhanghe.security.provider;

import com.zhanghe.security.authenticationtoken.GithubAuthenticationToken;
import com.zhanghe.security.authenticationtoken.RefreshTokenAuthenticationToken;
import com.zhanghe.security.excepiton.LoginException;
import com.zhanghe.security.excepiton.RefreshtokenExpireException;
import com.zhanghe.security.property.SecurityProperties;
import com.zhanghe.security.service.SimpleUserDetailsService;
import com.zhanghe.security.util.JwtUtil;
import com.zhanghe.security.util.R;
import com.zhanghe.security.util.ResponseUtil;
import com.zhanghe.security.util.ReturnCode;
import com.zhanghe.security.util.auth2.Oauth2Token;
import com.zhanghe.security.util.auth2.github.GithubAuthUtil;
import com.zhanghe.security.util.auth2.github.GithubUserInfo;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.SignatureException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;

public class RefreshTokenAuthenticationProvider implements AuthenticationProvider {

    protected static final Logger logger = LoggerFactory.getLogger(RefreshTokenAuthenticationProvider.class);

    @Autowired
    private SecurityProperties securityProperties;

    @Autowired
    private SimpleUserDetailsService simpleUserDetailsService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        RefreshTokenAuthenticationToken refreshTokenAuthenticationToken = (RefreshTokenAuthenticationToken)authentication;
        String refreshToken = (String)refreshTokenAuthenticationToken.getPrincipal();
        if(refreshToken==null){
            throw new LoginException("refreshtoken为空");
        }
        try{
            String user = JwtUtil.getSubject(refreshTokenAuthenticationToken.getPrincipal().toString(), securityProperties.getTokensecret()).toString();
            UserDetails userDetails = simpleUserDetailsService.loadUserByUsername(user);
            if(userDetails==null){
                throw new LoginException("用户不存在");
            }
            Authentication res = new RefreshTokenAuthenticationToken(userDetails.getAuthorities(),userDetails.getUsername());
            return res;
        }catch (ExpiredJwtException e){
            logger.debug("refreshToken过期,过期token:{}",refreshToken);
            throw new RefreshtokenExpireException("refreshToken过期");
        }catch (SignatureException e){
            logger.error("refreshToken验证不通过,token:{}",refreshToken);
            throw new LoginException("refreshToken验证不通过");
        }catch (Exception e){
            logger.error("refreshToken不合法,token:{}",refreshToken);
            throw new LoginException("refreshToken不合法");
        }
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return aClass.equals(RefreshTokenAuthenticationToken.class);
    }
}
